How do I identify a phishing scam?

Overview

Phishing refers to someone who sends an e-mail to you, claiming to be someone they are not to trick you into divulging personal or confidential information. 

Often those who send phishing emails pretend to be someone from a legitimate organization or have another compromised an account of someone you might know from your organization. Information sought by the scammer ranges from a password or credit card number to personally identifiable information or bank account numbers of scam recipient(s).

Instructions

Two common tactics that scammers use are 1) offers that are too good to be true or 2) evoke a sense of urgency. An example of the former would be receiving a job offer claiming a company will pay you $1,000/week for a part-time job. This kind of offer is just too good to be true. The latter could be an email to update your account immediately to prevent it from being shut down with a link leading you to divulge account information.

No legitimate company would ask you to change your passwords or update your account information with a link in an e-mail. Purdue IT will never ask for your credentials in an email or ask you to click a link to update your account. The best security practice is to never click on the link or call the phone number provided in the e-mail, unless absolutely necessary. It is better to be too cautious or vigilant when using your email. To check the authenticity of the message, you should: 

  • Hover over links in emails to see where it is trying to take you
  • Visit the company's website directly, instead of clicking the link
  • Call the company and follow up on the email
  • Copy and paste links in emails when using your mobile, instead of clicking the link
  • Check for spelling/grammar mistakes within the email

Phishing attempts to your Purdue University career account can be reported or forwarded to abuse@purdue.edu.

Phishing schemes are not only limited to e-mails but may be carried out by phone calls, text messages, pop-up windows or even by another instant messaging application. Phishing e-mails are becoming more sophisticated and appear legitimate by using company logos and names of companies that you know or trust. Some popular phishing schemes imitate websites such as PayPal, Amazon, Microsoft Outlook, credit card companies, large banks or even Purdue’s login page.

Troubleshooting

Still need help?  Click the 'Purdue IT Request' button to start a ticket.

Purdue IT Request Print Article

Details

Article ID: 375
Created
Thu 6/15/23 4:05 PM
Modified
Fri 7/7/23 3:14 PM

Related Articles (1)

How do I report phishing e-mails?
How to report phishing e-mails.

Related Services / Offerings (2)

Secure Computing
Taking action to personally ensure computer security helps protect everyone from data and identity theft, viruses, hackers, and other threats. Every member of the Purdue community who uses a computing device can make Purdue’s computing environment more secure.
Secure Computing Request
Secure Computing Request